shiro icon indicating copy to clipboard operation
shiro copied to clipboard
verified publisher icon mellowagain

Rate Limit for user logins

Open mellowagain opened this issue 7 years ago • 1 comments

@cyanidee and me have decided to stress test Shiro. We have used the following:

  • 102 successful login tries
  • 100ms pause between the hits

Shiro was able to correctly process all 102 login tries for about 20 seconds before resulting in a segmentation fault.

This means that Shiro was able to process (102 * (20 * (1000 / 2))) = 1'020'000 login retries within 20 seconds perfectly without any hiccups. The CPU and RAM usage was not measured as my system monitor didn't update fast enough to notice any major difference to before hitting.

Now this is already a great number considering Ripple, the most widespread cho-protocol implementation server, crashes with just 5 successful tries every second within 20 seconds (tested by @cyanidee).

To prevent further crashes by running out of memory, implementation of rate limit is suggested.

mellowagain avatar Oct 07 '18 18:10 mellowagain

Shiro high rated Ripple PP underweighted Long have we waited Rate limiting activated

on a serious note, i agree

RenovaDeus avatar Oct 08 '18 21:10 RenovaDeus